AppSec / SOC GlobalCorp · 2026-W20 · enterprise topology

AppSec & SOC Operations

Governance incident queue, taint findings, release gate status, and evidence handoff for AppSec and SOC teams. All data is deterministic and advisory only.

ADV authoritative_for_wiw=false. VerifAIer identifies risks. Your team decides.
Open BLOCK: 2 · High findings: 5 · Gate blocked: 1 · Taint chains: 4 · Sessions gov.: 23 · Evidence bundles: 7

Governance Incident Queue

Open incidents requiring AppSec review
BLOCK · open · Shell injection risk: deployment script
    os.system(f'./scripts/deploy_{env}_{target}.sh')
    rule: SHELL_INJECTION_RISK · team: platform-eng · agent: Cursor · file: src/deployment/executor.py · drift: YES · 2026-05-14 08:42 UTC

BLOCK · resolved · Hardcoded credential: Stripe live key exposed
    STRIPE_SECRET_KEY = 'sk_live_4xKj...'
    rule: HARDCODED_SECRET · team: mobile-eng · agent: Claude Code · file: src/payments/config.py · drift: NO · 2026-05-13 15:47 UTC

HIGH · open · SQL injection risk: user search endpoint
    cursor.execute(f"SELECT * FROM users WHERE name LIKE '%{name}%'")
    rule: SQL_INJECTION_RISK · team: data-eng · agent: Copilot · file: src/api/users.py · drift: NO · 2026-05-13 11:20 UTC

HIGH · open · Path traversal: file preview endpoint
    open(os.path.join('/uploads', request.args['file']), 'rb')
    rule: PATH_TRAVERSAL_RISK · team: platform-eng · agent: Cursor · file: src/storage/preview.py · drift: NO · 2026-05-12 16:05 UTC
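
Worked example for the four rules above, added here (not VerifAIer's or GlobalCorp's code): each flagged pattern beside the form that clears the rule. The env/target allowlists, the in-memory users table, the upload root and the Stripe key check are constructed for the demo; the vulnerable deploy helper only returns the string os.system would hand to the shell and never executes it.

```python
"""Flagged patterns from the incident queue beside hardened forms.

Added example, not VerifAIer's code. Allowlists, the users table and the
upload root are constructed for the demo.
"""
import os
import re
import sqlite3
from pathlib import Path

# --- SHELL_INJECTION_RISK (src/deployment/executor.py pattern) --------------
ALLOWED_ENVS = {"staging", "prod"}        # demo allowlists
ALLOWED_TARGETS = {"api", "worker"}


def deploy_command_vulnerable(env: str, target: str) -> str:
    # The string os.system() would hand to /bin/sh: a ';' in env or target
    # becomes a second command. Returned here, never executed.
    return f"./scripts/deploy_{env}_{target}.sh"


def build_deploy_argv(env: str, target: str) -> list:
    # Fix: allowlist both inputs, then run as an argv list with shell=False
    # (subprocess.run(argv)) so no shell metacharacter is ever interpreted.
    if env not in ALLOWED_ENVS or target not in ALLOWED_TARGETS:
        raise ValueError(f"rejected deploy parameters: {env!r}, {target!r}")
    return [f"./scripts/deploy_{env}_{target}.sh"]


def rejects_deploy(env: str, target: str) -> bool:
    try:
        build_deploy_argv(env, target)
    except ValueError:
        return True
    return False


# --- SQL_INJECTION_RISK (src/api/users.py pattern) --------------------------
def make_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("admin",)])
    return conn


def search_users_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # "' OR 1=1 --" turns the WHERE clause into a tautology and comments
    # out the trailing quote: every row comes back.
    cur = conn.execute(f"SELECT * FROM users WHERE name LIKE '%{name}%'")
    return [row[1] for row in cur.fetchall()]


def search_users_safe(conn: sqlite3.Connection, name: str) -> list:
    # Fix: bind the value as a parameter, and escape LIKE wildcards so a
    # literal % or _ in the input cannot widen the match.
    pattern = "%" + re.sub(r"([%_\\])", r"\\\1", name) + "%"
    cur = conn.execute("SELECT * FROM users WHERE name LIKE ? ESCAPE '\\'",
                       (pattern,))
    return [row[1] for row in cur.fetchall()]


# --- PATH_TRAVERSAL_RISK (src/storage/preview.py pattern) -------------------
UPLOAD_ROOT = Path("/uploads")


def preview_path_vulnerable(filename: str) -> str:
    # '..' segments walk out of /uploads; an absolute filename replaces it.
    return os.path.join("/uploads", filename)


def preview_path_safe(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    # Fix: resolve the joined path and require it to stay under root
    # (Path.is_relative_to needs Python 3.9+).
    root = root.resolve()
    candidate = (root / filename).resolve()
    if not candidate.is_relative_to(root):
        raise ValueError(f"path escapes upload root: {filename!r}")
    return candidate


def rejects_preview(filename: str) -> bool:
    try:
        preview_path_safe(filename)
    except ValueError:
        return True
    return False


# --- HARDCODED_SECRET (src/payments/config.py pattern) ----------------------
def load_stripe_key(env=os.environ) -> str:
    # Fix: read the key from the environment (or a secrets manager), never
    # from a literal in source; refuse to start without it. The leaked
    # sk_live_ key still has to be rotated, resolving the finding is not enough.
    key = env.get("STRIPE_SECRET_KEY")
    if not key or not key.startswith(("sk_live_", "sk_test_")):
        raise RuntimeError("STRIPE_SECRET_KEY missing or malformed")
    return key


if __name__ == "__main__":
    db = make_demo_db()
    print(deploy_command_vulnerable("prod; id", "api"))
    print(search_users_vulnerable(db, "' OR 1=1 --"))   # every row
    print(search_users_safe(db, "' OR 1=1 --"))         # []
    print(preview_path_vulnerable("../etc/passwd"), rejects_preview("../etc/passwd"))
```

Run it to see the payloads land against the vulnerable helpers and bounce off the hardened ones. The fixes are the ones the rule names expect: no shell between the program and its arguments, data bound as parameters rather than spliced into SQL, a canonicalised path checked against its root, and secrets read from configuration rather than source.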

Taint Propagation Chains

Source-to-sink flows across 3 teams
BLOCK · tc-001 · data-eng · 3 hops · src/api/users.py
    request.query_params['user_id'] -> user_id (unvalidated) -> cursor.execute(f'SELECT ... WHERE id={user_id}')
HIGH · tc-002 · platform-eng · 2 hops · src/storage/upload.py
    request.form['filename'] -> os.path.join('/uploads', filename)
HIGH · tc-003 · platform-eng · REMEDIATED · src/config/debug.py
    os.environ['DEBUG'] -> print(f'DB_PASSWORD={os.environ["DB_PASSWORD"]}')
MED · tc-004 · platform-eng · 4 hops · src/deployment/executor.py
    config.get('target_env') -> deploy_cmd (constructed) -> subprocess.run(shell=True, args=deploy_cmd)
Commands: vai taint scan . --save · vai taint summary
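
How chains like the four above are derived, as an added example (not VerifAIer's taint engine): a minimal intra-procedural tracker over the Python AST that marks reads from request.*, os.environ and config.get as sources, follows them through assignments and f-strings, stops at sanitizers such as int(), and reports the chain when a value reaches cursor.execute, os.system, subprocess.run or open. The source, sink and sanitizer tables and the sample module it scans are constructed for the demo; a production engine is flow-sensitive and follows values across functions and files.

```python
"""Minimal source-to-sink taint propagation over a Python AST.

Added example, not VerifAIer's engine. Source/sink/sanitizer tables and the
scanned sample are constructed. Intra-procedural and flow-insensitive:
branches, calls between functions and other files are not followed.
"""
import ast
from dataclasses import dataclass
from typing import Optional

SOURCES = {"request.args", "request.form", "request.query_params",
           "os.environ", "config.get"}               # untrusted reads
SINKS = {"cursor.execute": "SQL_INJECTION_RISK",
         "os.system": "SHELL_INJECTION_RISK",
         "subprocess.run": "SHELL_INJECTION_RISK",
         "open": "PATH_TRAVERSAL_RISK"}
SANITIZERS = {"int", "shlex.quote"}                   # taint stops here


def dotted(node: ast.AST) -> Optional[str]:
    """'cursor.execute' for the expression cursor.execute, None otherwise."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


@dataclass
class Finding:
    rule: str
    chain: tuple      # source read, intermediate names, sink
    line: int

    @property
    def hops(self) -> int:
        return len(self.chain) - 1

    def __str__(self) -> str:
        return (f"{self.rule} · hops={self.hops} · line {self.line}: "
                + " -> ".join(self.chain))


class TaintTracker(ast.NodeVisitor):
    def __init__(self) -> None:
        self.taint = {}      # variable name -> chain ending at that variable
        self.findings = []

    def chains_in(self, node: ast.AST) -> list:
        """Every taint chain that reaches `node`."""
        if isinstance(node, ast.Call) and dotted(node.func) in SANITIZERS:
            return []                                 # validated: clean
        if isinstance(node, ast.Subscript) and dotted(node.value) in SOURCES:
            return [(ast.unparse(node),)]             # request.args['file']
        if isinstance(node, ast.Call) and dotted(node.func) in SOURCES:
            return [(ast.unparse(node),)]             # config.get('target_env')
        if isinstance(node, ast.Name) and node.id in self.taint:
            return [self.taint[node.id]]
        found = []
        for child in ast.iter_child_nodes(node):      # f-strings, joins, tuples
            found.extend(self.chains_in(child))
        return found

    def visit_Assign(self, node: ast.Assign) -> None:
        chains = self.chains_in(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if chains:
                    self.taint[target.id] = chains[0] + (target.id,)
                else:
                    self.taint.pop(target.id, None)   # overwritten with clean data
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        rule = SINKS.get(dotted(node.func))
        if rule:
            for arg in list(node.args) + [kw.value for kw in node.keywords]:
                for chain in self.chains_in(arg):
                    f = Finding(rule, chain + (dotted(node.func) + "(...)",), node.lineno)
                    if f not in self.findings:
                        self.findings.append(f)
        self.generic_visit(node)


def scan(source: str) -> list:
    tracker = TaintTracker()
    tracker.visit(ast.parse(source))
    return tracker.findings


# Constructed sample mirroring tc-001, tc-002 and tc-004 plus one sanitized read.
SAMPLE = '''
def search(request, cursor):
    user_id = request.query_params['user_id']
    cursor.execute(f"SELECT * FROM users WHERE id={user_id}")
    safe_id = int(request.query_params['user_id'])
    cursor.execute("SELECT * FROM users WHERE id=?", (safe_id,))

def preview(request):
    return open(os.path.join('/uploads', request.args['file']), 'rb')

def deploy(config):
    target_env = config.get('target_env')
    deploy_cmd = f"./scripts/deploy_{target_env}.sh"
    subprocess.run(shell=True, args=deploy_cmd)
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The second cursor.execute in the sample produces nothing because int() is in the sanitizer table and the value it returns is bound as a parameter; which calls count as sanitizers is exactly the judgement a real engine has to get right, and a missed one is where false negatives come from.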

Release Gate History

Last 3 release gate audits
BLOCK · v2.4.0...v2.5.0-rc1 · platform-eng · 2 findings · rule: SHELL_INJECTION_RISK · 2026-05-14 07:30 UTC
PASS · v2.3.1...v2.4.0 · mobile-eng · 0 findings · 2026-05-12 14:00 UTC
WARN · v2.3.0...v2.3.1 · data-eng · 3 findings · advisory · 2026-05-11 16:45 UTC
Commands: vai ci gate v2.4.0...HEAD --profile pr-review · vai ci sarif v2.4.0...HEAD

Evidence Handoff Workflow

SOC-to-regulator evidence chain
1. Build signed evidence bundle
   vai ci evidence --signed --output-dir soc-evidence/
   Assembles receipts, taint summary, audit log, and a signed manifest into a ZIP.
2. Generate SOC monitoring bundle
   vai enterprise export-bundle --bundle-type soc_monitoring_bundle
   Structured bundle for SOC analyst review and SIEM integration.
3. Verify receipt integrity
   vai ci verify
   Confirms the Ed25519 signature and the SHA-256 hashes match; exit code 0 means verified.
4. Export regulator package
   vai enterprise export-bundle --bundle-type regulator_review_bundle
   Deterministic ZIP with TVAM-lite proof chain, signed receipts, and advisory statement.
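
What steps 1 and 3 amount to, as an added example (not the vai CLI's code): build a ZIP holding the evidence files, a manifest of their SHA-256 digests and an Ed25519 signature over that manifest, then verify it and return a vai-style exit code with the list of problems. The member names manifest.json and manifest.sig, the bundle layout and the receipt contents are assumptions for the demo; Ed25519 comes from the cryptography package.

```python
"""Build and verify a signed evidence bundle: SHA-256 manifest + Ed25519.

Added example, not the vai CLI's code. Member names (manifest.json,
manifest.sig) and the receipt contents are constructed for the demo.
Requires the `cryptography` package.
"""
import hashlib
import io
import json
import zipfile

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

MANIFEST, SIG = "manifest.json", "manifest.sig"

# Constructed stand-ins for receipts, taint summary and audit log.
SAMPLE_FILES = {
    "receipts.json": b'[{"session": "s-101", "finding": "SQL_INJECTION_RISK"}]',
    "taint-summary.json": b'{"chains": 4, "blocked": 1}',
    "audit.log": b"2026-05-14T07:30:00Z gate BLOCK v2.4.0...v2.5.0-rc1\n",
}


def canonical(manifest: dict) -> bytes:
    # Deterministic encoding: signer and verifier must hash identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def build_bundle(files: dict, key: Ed25519PrivateKey) -> bytes:
    manifest = {"files": {n: hashlib.sha256(b).hexdigest() for n, b in files.items()}}
    body = canonical(manifest)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
        z.writestr(MANIFEST, body)
        z.writestr(SIG, key.sign(body))      # 64-byte Ed25519 signature
    return buf.getvalue()


def verify_bundle(blob: bytes, pub: Ed25519PublicKey) -> tuple:
    """Return (exit_code, problems): 0 only if signature and every hash match."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        members = set(z.namelist())
        if not {MANIFEST, SIG} <= members:
            return 1, ["manifest or signature missing"]
        body = z.read(MANIFEST)
        try:
            pub.verify(z.read(SIG), body)    # check before trusting any digest
        except InvalidSignature:
            return 1, ["manifest signature invalid"]
        listed = json.loads(body)["files"]
        for name, digest in listed.items():
            if name not in members:
                problems.append(f"missing: {name}")
            elif hashlib.sha256(z.read(name)).hexdigest() != digest:
                problems.append(f"hash mismatch: {name}")
        for name in sorted(members - set(listed) - {MANIFEST, SIG}):
            problems.append(f"unlisted: {name}")   # smuggled-in member
    return (1 if problems else 0), problems


def replace_member(blob: bytes, name: str, data: bytes) -> bytes:
    # Tampering helper for the demo: rewrite one member, keep the rest.
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(blob)) as src, zipfile.ZipFile(out, "w") as dst:
        for member in src.namelist():
            dst.writestr(member, data if member == name else src.read(member))
    return out.getvalue()


def demo() -> dict:
    key = Ed25519PrivateKey.generate()
    pub = key.public_key()
    blob = build_bundle(SAMPLE_FILES, key)
    return {
        "intact": verify_bundle(blob, pub),
        "edited_log": verify_bundle(replace_member(blob, "audit.log", b"clean\n"), pub),
        "edited_manifest": verify_bundle(replace_member(blob, MANIFEST, b'{"files":{}}'), pub),
        "wrong_key": verify_bundle(blob, Ed25519PrivateKey.generate().public_key()),
    }


if __name__ == "__main__":
    for case, (code, problems) in demo().items():
        print(f"{case}: exit {code} {problems}")
```

Two properties matter for a regulator handoff: the signature is checked before any digest is trusted, so an attacker who edits the manifest to match an altered file still fails, and members not listed in the manifest are reported, so nothing can be slipped into the ZIP unsigned. The verifying party needs the signer's public key through a channel other than the bundle itself.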
AppSec Pilot
Ready to Integrate VerifAIer with Your SOC?

1-day AppSec pilot guide available in docs/onboarding/enterprise_appsec_pilot_1day.md